How NSA weakens encryption to access internet traffic

The internet is full of holes. The spy agencies in the US and UK have forced technology suppliers to deliberately weaken security measures in the online computing systems that everyone uses. As a result they may have compromised everybody's security - since the vulnerabilities can be exploited by anybody who discovers them.

The revelations appear in the latest batch of NSA and GCHQ documents leaked by the former NSA contractor Edward Snowden, now an exile in Russia.

The leaks appear to confirm long-held suspicions that the agencies covertly collude with tech firms to introduce "back doors" that bypass built-in computer security measures - like passwords, two-factor authentication and encryption - to get straight to the files they want.

Today's joint reports from The Guardian, The New York Times and website ProPublica might leave you with the impression that the agencies have made a mathematical breakthrough that renders encryption defunct. But the NSA has simply relied on plain old-fashioned spying to influence and infiltrate the internet security firms we trust.

"I'm pretty sure they are reporting well-known possibilities of cheating around cryptography," says Markus Kuhn of the University of Cambridge, such as placing "back doors" in commonly used software to allow the agencies access to secret messages.

One of the leaked documents reveals that the NSA and GCHQ aim to "insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets". An "endpoint communications device" simply means a computer, tablet or cellphone.

For example, most encryption algorithms require a random number generator to produce secure keys. "One of the oldest tricks in the book is to modify the random number generator so it outputs only a tiny subset of all the random numbers it normally should," says Kuhn – a bit like subtly weighting a die to roll 6 more often than it should.

This change would mean the software can only produce a much smaller list of secret keys than it should, though the number of keys is still too vast for you to notice the change without looking closely. If you know about the vulnerability, however, you can attempt to crack encrypted messages using only the smaller list of keys. That makes it more feasible to use brute force to crack the encryption – all you need is enough computing power, which of course the NSA and GCHQ have in abundance.
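The effect described above can be checked from the defender's side by collecting freshly generated keys and looking for repeats. The following is an added example, not taken from the article or from any leaked document: the weakened generator is a constructed stand-in, and all function names and bit sizes are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets

KEY_BYTES = 16  # 128-bit keys, so a sound generator has 2**128 possible outputs


def healthy_keygen():
    """Key drawn straight from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def make_weakened_keygen(seed_bits):
    """Constructed stand-in for a tampered generator: each key looks random,
    but only 2**seed_bits distinct keys can ever be produced."""
    def keygen():
        seed = secrets.randbelow(2 ** seed_bits)
        return hashlib.sha256(seed.to_bytes(16, "big")).digest()[:KEY_BYTES]
    return keygen


def count_repeats(keygen, samples):
    """Audit check: how many of `samples` fresh keys repeat an earlier one."""
    seen, repeats = set(), 0
    for _ in range(samples):
        key = keygen()
        if key in seen:
            repeats += 1
        seen.add(key)
    return repeats


def samples_to_detect(space_bits, confidence=0.99):
    """Birthday bound: keys an auditor must collect to see at least one
    repeat with the given probability when only 2**space_bits keys exist."""
    return math.ceil(math.sqrt(2 * 2 ** space_bits * math.log(1 / (1 - confidence))))


if __name__ == "__main__":
    n = 20_000
    print("healthy repeats :", count_repeats(healthy_keygen, n))
    print("16-bit repeats  :", count_repeats(make_weakened_keygen(16), n))
    for bits in (16, 40, 64):
        print(f"{bits}-bit subset needs ~{samples_to_detect(bits):,} keys to notice")
```

A sample with no repeats does not show the generator is sound: once the reduced key space is large, the number of keys needed to see a repeat is beyond what an outside observer can collect, which is why the change is hard to notice without inspecting the generator itself.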

The Snowden files say the NSA spends $250 million a year on covertly influencing the product designs of technology companies, suggesting inserting such vulnerabilities is a high priority for the agency.

It could also be swiping keys directly from online service providers, says Kuhn. The TLS encryption protocol, which puts the "s" in secure https connections, relies on servers storing a secret key to decrypt incoming messages or transactions. The NSA could bribe a system administrator or otherwise infiltrate the organisation to gain access to these keys, allowing it to decrypt any intercepted traffic to the relevant server.

To avoid the NSA's gaze, Kuhn says people should turn to open-source software, where many people evaluate the underlying code and can identify any attempts to weaken it. "There is going to be a lot of pressure on IT decision-makers to justify why they gambled the security of their infrastructure on some close-sourced offering that is very likely infiltrated by NSA programmes."

Security agencies have the job of both intercepting harmful communications and defending nations from outside attack, but criminals or other nation states could also exploit NSA-mandated backdoors in internet systems. "If they have weakened the structure of the internet in the ways that the revelations say, then they have failed in the mission to protect national critical infrastructure," says Nigel Smart of the University of Bristol, UK.

For security technologist Bruce Schneier, who has helped The Guardian understand hundreds of the leaked NSA documents it is covering, it is all a breach too far: he has appealed for engineers on the inside of such tech company security subversion to turn whistleblower and tell their stories. He hopes the information they provide will help the Internet Engineering Task Force, a loose group of researchers and network security experts, "take the internet back" from the surveillance state at its next meeting in November.

Kenny Paterson at Royal Holloway, University of London has previously discovered flaws in the TLS protocol that could allow an attacker access to encrypted data in certain circumstances, but he says these exploits pale in significance if the NSA has direct access to company servers. "You don't know which companies have been required to hand over their secret keys and which haven't."

Many technology firms say they only work with intelligence agencies when legally compelled to – and largely because the right to run telecoms-related services depends on allowing "lawful interception" of their technologies under the rules of the UN's International Telecommunication Union.

But some firms are engineering deep internet surveillance systems, according to a third tranche of product data sheets from the suppliers of wire-tapping and sub-sea cable interception systems, posted on the Wikileaks website.
